Tool Spotlight: EyeWitness

If you have ever had to conduct a large penetration test, you know just how daunting it can be when you finish port and service scanning and start looking at all the data. While I strongly recommend learning some Python to help sift through data, I wanted to highlight a tool that I’ve used in the past for grabbing screenshots of various running services en masse.

EyeWitness, developed by Chris Truncer, is a handy little tool that allows you to quickly and efficiently grab screenshots from various services, including:

RDP

VNC

HTTP / HTTPS

EyeWitness is able to run on both Windows and *nix platforms and provides a number of scanning configurations and reporting options.

As we all know, it can be quite tedious hitting all these services by hand to weed out the interesting bits. EyeWitness does all the hard work for you, allowing you to spend your time reviewing the output for interesting findings.

I’ve personally found this tool especially effective for quickly identifying administration interfaces of devices, such as SCADA / ICS infrastructure, that aren’t commonly picked up by vulnerability scanners.
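
The kind of Python sifting mentioned at the top, as an added example that is not part of the original post or of EyeWitness: it sorts open ports from a scan into the service types listed above (RDP, VNC, HTTP / HTTPS) so they can be reviewed as a list. Nmap grepable (`-oG`) output as the input format, the port heuristics, and the sample scan data are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Nmap grepable output (assumed scanner); the addresses
# are from the RFC 5737 documentation range and the hostname is made up.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (hmi01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (hmi01.example.test)\tPorts: 80/open/tcp//http///, "
    "5900/open/tcp//vnc///, 22/open/tcp//ssh///\n"
    "Host: 192.0.2.20 ()\tPorts: 443/open/tcp//ssl|http///, "
    "3389/open/tcp//ms-wbt-server///, 8080/closed/tcp//http-proxy///\n"
    "Host: 192.0.2.30 ()\tPorts: 8443/open/tcp//https-alt///, "
    "5901/filtered/tcp//vnc-1///\n"
)

def classify(port, service):
    """Map a port/service pair to rdp, vnc, http, https or None (heuristic)."""
    svc = service.lower()
    if svc == "ms-wbt-server" or port == 3389:
        return "rdp"
    if "vnc" in svc or 5900 <= port <= 5909:
        return "vnc"
    if "http" in svc or port in (80, 443, 8080, 8443):
        tls = svc.startswith("ssl|") or "https" in svc or port in (443, 8443)
        return "https" if tls else "http"
    return None

def screenshot_targets(grepable_text):
    """Group open RDP, VNC and web services by type from grepable scan output."""
    targets = defaultdict(list)
    for line in grepable_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        host, ports = m.groups()
        for entry in ports.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or fields[1] != "open":
                continue  # skip closed and filtered ports
            port = int(fields[0])
            kind = classify(port, fields[4])
            if kind in ("http", "https"):
                targets[kind].append(f"{kind}://{host}:{port}")
            elif kind:
                targets[kind].append(f"{host}:{port}")
    return dict(targets)

if __name__ == "__main__":
    for kind, items in sorted(screenshot_targets(SAMPLE_SCAN).items()):
        print(kind, *items, sep="\n  ")
```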